New FCC rules may impact Linux-based devices


New FCC rules may impact Linux-based devices

Jul. 06, 2007

New U.S. regulations went into effect today that could change how
vendors of devices with software-defined radios (SDR) use open-source
software. The new rules could impact manufacturers of mobile phones,
WiFi cards, and other devices that use SDR technologies.

SDR technologies are commonly used in today’s mobile phones and WiFi
equipment. The U.S. Federal Communications Commission’s (FCC) new
regulations are apparently aimed at ensuring that users of such
equipment cannot access source code needed to reprogram it – for
example, to output more power, or operate on inappropriate
frequencies, either of which could conceivably endanger public safety.

A summary document published by the FCC suggests that the new
regulations were actually proposed by Cisco, a vendor of wireless
cards and other networking equipment. The summary document suggests
that because of the new rules, SDR device vendors who use open-source
software in certain capacities could face challenges getting FCC

The FCC’s summary report reads, in part:

The Commission hereby states that ... manufacturers should not

intentionally make the distinctive elements that implement that
manufacturer’s particular security measures in a software defined
radio public, if doing so would increase the risk that these security
measures could be defeated or otherwise circumvented to allow
operation of the radio in a manner that violates the Commission’s
rules. A system that is wholly dependent on open source elements will
have a high burden to demonstrate that it is sufficiently secure to
warrant authorization as a software defined radio.

The Software Freedom Law Center reacted by issuing a whitepaper that
seems intended to keep open-source SDR software developers motivated
to continue their work. The whitepaper notes that the FCC’s authority
ends with hardware devices, and maintains that the agency has not
enacted any rules intended to regulate software development. “Even if
the FCC did have the power to regulate independent software
development, it has promulgated no rules governing such activity,” the
SFLC’s whitepaper reads in part.

Motorola and other vendors of Linux-based mobile phones typically
segregate radio software stacks from Linux application stacks by
running them on separate physical or virtual processors. A multiplexed
serial connection allows the Linux OS to access the network through a
limited AT-command-style API, just as if the radio baseband controller
were an actual modem. This architecture was designed to keep radio
software secure against compromises to the Linux OS, and far enough
removed from GPL-licensed software to prevent the GPL’s “viral” nature
from kicking in.

Some WiFi card vendors, meanwhile – Intel and Broadcom come to mind
– take advantage of Linux’s “hotplug” feature by writing open Linux
drivers that load sensitive radio software microcode from encrypted
binary files stored in the users’ filesystem. This arrangement seems
to be tolerated, if not unanimously appreciated, by the open source
community (who, after all, are glad to have use of inexpensive
wireless cards).

The FCC’s summary report also includes this comment about Linux and
open-source software:

The Commission recognizes that some manufacturers may wish to use

open source software (e.g., GNU/Linux) in developing SDRs. The use of
such software may have advantages for manufacturers such as lower cost
and decreased product development time."

The FCC’s 2500-word summary document is here, while the SFLC’s
whitepaper can be found here.

–Henry Kingman